Owais Mehtab

5 exploits Active since Aug 2015
CVE-2017-14980 METASPLOIT CRITICAL ruby WORKING POC
Flexense Syncbreeze - Memory Corruption
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
CVSS 9.8
EIP-2026-119186 EXPLOITDB python WORKING POC
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
CVE-2015-2321 EXPLOITDB text WORKING POC
Job Manager < 0.7.22 - Cross-Site Scripting via Email Field
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
CVE-2017-14147 EXPLOITDB CRITICAL text WORKING POC
FiberHome User End Router AN1020-25 - Info Disclosure
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.
CVSS 9.8
CVE-2019-13493 EXPLOITDB MEDIUM text WORKING POC
Sitecore XP 9.0.171002 Authenticated Stored XSS in Media Library
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
CVSS 5.4